Description
It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainManagedSaveDefineXML() API, which would permit them to modify managed save state files. If a managed save had already been created by a privileged user, a local attacker could modify this file such that libvirtd would execute an arbitrary program when the domain was resumed.
References (3)
Core 3
Core References
Vendor Advisory x_refsource_confirm
https://access.redhat.com/libvirt-privesc-vulnerabilities
Issue Tracking, Vendor Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10166
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/202003-18
Scores
CVSS v3
7.8
EPSS
0.0014
EPSS Percentile
33.5%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-284
Status
published
Products (13)
redhat/enterprise_linux
7.0
redhat/enterprise_linux
8.0
redhat/enterprise_linux_desktop
6.0
redhat/enterprise_linux_desktop
7.0
redhat/enterprise_linux_server
6.0
redhat/enterprise_linux_server
7.0
redhat/enterprise_linux_server_aus
7.6
redhat/enterprise_linux_server_eus
7.6
redhat/enterprise_linux_server_tus
7.6
redhat/enterprise_linux_workstation
6.0
... and 3 more
Published
Aug 02, 2019
Tracked Since
Feb 18, 2026